123456, qwerty: Indians continue to use easily hackable internet passwords

‘Password’. ‘123456’, ‘India@123’, ‘qwerty’ — these are some of the most common passwords that internet users in India use. These are easily hackable online passwords that can be cracked in within one second, claims a report on most common passwords of 2022 by Nord Secuirty’s password manager arm NordPass.

The report – which studied data from 30 countries — notes that despite growing cybersecurity awareness, old habits die hard. The research shows that people still use weak passwords to protect their accounts.

Also read: Cyber security integral to national security: Amit Shah

While the worst passwords might change every year, human beings are creatures of habit. Every year, researchers notice the same pattern — sports teams, movie characters, and food items dominate every password list, says the report.

Convenient usage

In 2022, ‘password’ was used 4.9 million times by users globally and 3.4 million times in India. The second most favoured password in India was used ‘123456’ which was used 166,757 times, while ‘Bigbasket’, surprisingly which was the fourth most used password, was used 75,081 times — may be inspired from increased online shopping.

Other commonly used passwords in India include ‘qwerty’, ‘anmol123’ and ‘googledummy’. According to NordPass, most users prefer convenient passwords that are easy to remember and use, which explains the use of easy keyboard combinations of numbers, letters, and symbols. Many users also prefer country names in their passwords such as “Indya123″ and “India@123.”

Not much change over the year

NordPass report shows that 73 per cent of the 200 most common passwords used in 2022 in the world are the same as last year. They also found that 83 per cent of the passwords in the list can be cracked in under a second.

The report also found that many users like to express emotions through passwords. For instance, ‘iloveyou’ and its translations in other languages are widely used in many countries. In India, ‘iloveyou’ was ranked at number 81.

The report also pointed out the impact of major events on the choice of passwords. For example, after the Oscars ceremony the password ‘Oscars’ was used 62,983 times. Similarly, names of hit films and shows too inspired choice of passwords. “Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021-2022. All are also popular passwords: ‘batman’ was used 2,562,776 times, ‘euphoria’ 53,993, and ‘encanto’ 10,808 times.

Also read: Centre to VPN providers: ‘Follow cyber security norms or quit country’

NordPass compiled a list of passwords in collaboration with independent researchers specializing in cybersecurity incidents. They analysed a 3TB database of passwords for the study.

Evolving technologies

On the positive side, Ieva Soblickaite, chief product officer at NordPass, said that passwords are getting harder to breach due to rapidly evolving technologies such as Open Authentication 2.0. It is one of the reasons why the sample of passwords available in the public domain for analysis was much smaller compared to previous years, said Soblickaite.

Soblickaite pointed out that more websites are now using Open Authentication 2.0, which is an industry-standard that allows websites and apps to access user resources hosted by other web apps, without sharing their passwords.